August 2023

Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions

Aug 29, 2023 By Asaf Gabai In JFrog

Tracking vulnerabilities and compliance requirements is essential for maintaining application security in any software project. However, this process can be time-consuming and complicated, especially as new issues are identified. Fortunately, the JFrog build-info provides a comprehensive solution by recording key information about your project’s build. With build-info, you can easily track vulnerable versions of your project and ensure that your software stays secure.

Read Post

JFrog

Read more about Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions

Shifting Left of Left: Secure Enterprise Data with JFrog Curation

Aug 17, 2023 By Prasanna Raghavendra In JFrog

In 2022, nearly 1,700 entities across the globe fell victim to software supply chain attacks, impacting over 10 million people. Nearly each of these attacks included some element of faulty or nefarious open-source code. Software developers commonly rely on open-source components to speed up the development process, but as we can see, this practice has the potential to introduce malicious packages and vulnerabilities into the code due to the lack of proper curation and maintenance.

Read Post

JFrog

Read more about Shifting Left of Left: Secure Enterprise Data with JFrog Curation

Spring WebFlux - CVE-2023-34034 - Write-Up and Proof-of-Concept

Aug 8, 2023 By Yair Mizrahi In JFrog

Spring Security’s newly released versions contain a fix for a broken access control vulnerability – CVE-2023-34034 – which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers.

Read Post

JFrog

Read more about Spring WebFlux - CVE-2023-34034 - Write-Up and Proof-of-Concept

DevOps Speakeasy with Brett Smith

Aug 7, 2023 By JFrog In JFrog

We caught up with Brett Smith, Software Architect at SAS. In his session, Supply Chain Robots, Electric Sheep, and SLSA Brett discusses creating automation, shifting left, attack vectors, attestation, verification, zero trust, and how the SLSA specification helps implement solutions for each. Most importantly, security must apply throughout a pipeline. The talk will lead to a larger discussion about the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.

View Video

JFrog

Read more about DevOps Speakeasy with Brett Smith

DevOps Speakeasy with Tracy Ragan

Aug 7, 2023 By JFrog In JFrog

This episode of DevOps Speakeasy features Tracy Ragan, CEO of DeployHub and CDF board member. Ragan joins us to discuss how to secure your DevOps pipeline with new security tools. There has been a security awakening among IT teams around the world. This awakening has resulted in the release of new open source tools that you can use today. From hardening the build process to gathering actionable supply chain intelligence. Her session will review the new generation of open source security tools to incorporate into your security strategy.

View Video

JFrog

Read more about DevOps Speakeasy with Tracy Ragan

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2023

Take control of your Security: How to use Build-Info in your VCS to track vulnerable versions

Shifting Left of Left: Secure Enterprise Data with JFrog Curation

Spring WebFlux - CVE-2023-34034 - Write-Up and Proof-of-Concept

DevOps Speakeasy with Brett Smith

DevOps Speakeasy with Tracy Ragan

Monthly Archive

Follow Us